Confidence Falls In Corporate Cyber Defences

Study from BAE Systems Detica shows British industry is expecting an escalation of cyber attacks but lacks the confidence to deal with it

Six months on from the launch of the UK Government’s Cyber Security Strategy, 85% of businesses say they expect the number of cyber attacks to increase over the next few years, according to “Business and The Cyber Threat: Curiously Confident?” Detica’s 2012 Cyber Security Monitor. When asked about the likely trend in the number of attacks, only 6% believe the number of cyber attacks will remain constant and only 4% expect it to decrease.

And those companies that have estimated the likely financial impact of a targeted cyber attack consider it to be substantial. A third (34%) estimate it to be over £50m, with none estimating it will cost less than £1m. When asked what would make their board take the business risk of cyber attacks more seriously 61% stated an attack on their company or a competitor.

There is some evidence of growing uncertainty, with those that say they are ‘very confident’ dropping markedly from 34% to 22%, or to around one in four respondents.

However, there appears little willingness to admit real vulnerability, with 89% of respondents describing themselves as fairly (67%) or very (22%) confident that they are well-equipped to prevent targeted attacks, compared to 94% in Detica’s inaugural Cyber Security Monitor in 2010. Curious, given recent high-profile attacks.

Despite this overall level of confidence, appetite for engagement with the government is strong, suggesting that companies believe there is still much to be understood. A quarter (26%) of businesses say they are already engaged with government, with a further half (49%) saying they would be interested in engaging but have not done so yet. Only 9% say they do not want to engage.

For those not currently engaged with the Government around cyber security, further information (10%) and assurances of the benefits (11%) are cited as the main factors that would encourage greater collaboration.

Henry Harrison, Technical Director at BAE Systems Detica said: “2011 has clearly led businesses to re-evaluate the level of cyber threat and impact, but it seems they are slower to recognise their true level of vulnerability.

“However, raised awareness about cyber risk has increased the private sector’s desire for collaboration with the Government to formulate new responses to this rapidly growing challenge. Given the remaining scepticism about the level of vulnerability to the threats businesses face, there is a clear incentive for government to step-up its cyber security efforts in this area.

“What is encouraging is that businesses have signalled that the door is open for the Government to progress the discussion.”

Last year was certainly seen as a landmark year for cyber attacks. When asked their thoughts on what happened in 2011, 88% of businesses say that “2011 was just the beginning and the situation is likely to continue on a similar or increased scale in future”. One legacy of last year’s spate of attacks is that businesses are now most wary of organised criminal groups and professional fraudsters. 73% felt that these criminals are the most likely groups to mount a targeted cyber attack, an increase of 15 percentage points from the research in 2010.

Businesses are less concerned about attacks from their own employees - down to 42%, compared with 56% last time. Interestingly, 28% felt that state-sponsored spies were likely to mount a targeted attack and of those concerned about industrial espionage (43%), more than half (56%) are worried about state sponsored spies.

Henry Harrison, Technical Director at BAE Systems Detica added: “We’d urge businesses to remain cautious and to evaluate their defences, rather than waiting until they are attacked before acting.

“We’ve seen a growing number of businesses lock the door after the horse has bolted. We want to ensure that 2011 isn’t the beginning of a decade of our cyber adversaries staying ahead of us. Let’s hope businesses’ confidence in their defences is merited.”